From c1e917fecc428c04abe16bd6ea675b2d10fe4669 Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Thu, 18 Nov 2021 19:20:50 +0300
Subject: Use pkeyutl command instead of rsautl starting openssl version 3.0.0
---
 bbot/agent/agent.cxx | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/bbot/agent/agent.cxx b/bbot/agent/agent.cxx
index cfd1e7d..982f67c 100644
--- a/bbot/agent/agent.cxx
+++ b/bbot/agent/agent.cxx
@@ -28,6 +28,7 @@
 #include
 #include
 #include // dir_iterator, try_rmfile(), readsymlink()
+#include
 #include
@@ -1316,6 +1317,29 @@ try
 ilogin = machine_vnc (true /* public */);
 }
+ // Use the pkeyutl openssl command for signing the task response challenge
+ // if openssl version is greater or equal to 3.0.0 and the rsautl command
+ // otherwise.
+ //
+ // Note that openssl 3.0.0 deprecates rsautl in favor of pkeyutl.
+ //
+ const char* sign_cmd;
+
+ try
+ {
+ optional oi (openssl::info (trace, 2, ops.openssl ()));
+
+ sign_cmd = oi &&
+ oi->name == "OpenSSL" &&
+ oi->version >= semantic_version {3, 0, 0}
+ ? "pkeyutl"
+ : "rsautl";
+ }
+ catch (const system_error& e)
+ {
+ fail << "unable to obtain openssl version: " << e << endf;
+ }
+
 for (unsigned int sleep (0);; ::sleep (sleep), sleep = 0)
 {
 bootstrapped_machines ms (enumerate_machines (ops.machines ()));
@@ -1555,7 +1579,7 @@ try
 openssl os (trace, fdstream_mode::text, path ("-"), 2,
- ops.openssl (), "rsautl",
+ ops.openssl (), sign_cmd,
 ops.openssl_option (), "-sign", "-inkey", ops.auth_key ());
 os.out << *tr.challenge;
--
cgit v1.1
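Review bot: In the hunk at `@@ -1316,6 +1317,29 @@`, the comment above `sign_cmd` explains the deprecation but not the property the change depends on. With an RSA key and no digest option, `pkeyutl -sign` is expected to produce the same PKCS#1 v1.5 signature over the raw challenge as `rsautl -sign`, so the verifying side should be unaffected. I would state that in the comment, e.g. `// Both commands sign the raw challenge with PKCS#1 v1.5 padding, so the signature format does not change.` The selection also falls back silently to `rsautl` when `openssl::info ()` returns no value or the name is not `"OpenSSL"`; tracing the chosen command once here would make a failed authentication easier to diagnose. The enclosing function starts and ends outside the hunk.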
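Review bot: In the hunk at `@@ -1555,7 +1579,7 @@`, `ops.openssl_option ()` is still forwarded unchanged after `sign_cmd`, but the two commands do not accept the same options. `rsautl` takes padding flags such as `-pkcs` or `-raw`, while `pkeyutl` expects `-pkeyopt rsa_padding_mode:...`. An agent configured with an rsautl-only option would presumably start failing to sign once its host moves to OpenSSL 3, and so could no longer answer the task response challenge. The option's documentation should say which command the values are passed to; alternatively, reject the known rsautl-only flags when `sign_cmd` is `"pkeyutl"`. The enclosing function starts and ends outside the hunk.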